I gave all my Youtube cookies to somebody. Can this person hack my Google / Youtube account?

Question

I went to my developer tools, I copy / paste all my youtube.com cookies and I gave it to somebody. Can this person use it to be connected to my Youtube / Gmail account ?? (Cookies I gave are HSID, LOGIN_INFO, __secure-PSAID, etc...)

I am afraid about that ! Thank you

Answer 1

Yes it's possible to use your cookies to connect to your account without your password before you closed your session. After the old cookies will be useless.

https://owasp.org/www-community/attacks/Session_hijacking_attack See last part of this article (Prevention): https://en.wikipedia.org/wiki/Session_hijacking

• You should activate the Multi Factor Authentication, if google see your are connecting to another location it will ask you to valide with the MFA your connection.
• You have also the possibility to view from where and when you were connected to your account with google, I don't remember where is it but it's on the google setting (after you connect on it).

I answer you in general I don't kwon how google manages their cookie